> Hi we have a setup with postfixadmin and virtual users.. everything
> works great, but we have one issue.
>
> We want to use a 3rd party spam service provider.. but we dont want to
> set our MX records to them..
>

I work for one of those "third party spam service providers" (no, I can't
which one, sorry.)

If you receive all of your email, forward it to a 3rd party, ask them to
filter it, and send legitimate mail back to you, you're going to be
blowing a huge amount of bandwidth. You'll be sending spam messages
through your pipe at least twice, and legitimate mail through at least
three times. Not a good idea.

Also, most third part spam service providers use some form of IP
reputation schema. This means that you will be sending all of your mail
flow (including spam) to them, and this will poison their IP reputation
database AGAINST you. This means that they will start to consider all
messages that come from you as spam, and this will skew their results. In
the end, they will most likely start blocking legitimate mail just based
on the reputation of your IP address.

> The thing we want is to be able to filter all mail that does not come
> from this 3rd party.. and redirect it to them..

If you don't redirect your MX record to the third party, how will email
destined for your domain(s) ever reach the third party in the first place
unless you send it to them? Because you don't want to change your MX
record to point to the third party, there is zero chance that they will
get your email in the first place. This means that 100% of your mail from
come from the original sender (or open relay in the case of most spam),
not from the third party.

Do the smart thing. Change your MX record to the third party, and allow
them to do what you are paying them to do for you. It will save your
bandwidth, CPU cycles, disk storage, and will make your users happier in
the end.